LISTSERV - HP3000-L Archives

HP3000-L Archives

September 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 2001, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Help!! Auditors
From:	Richard Gambrell <[log in to unmask]>
Reply To:	Richard Gambrell <[log in to unmask]>
Date:	Sat, 8 Sep 2001 07:10:41 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (48 lines)

Dave wrote:
...
>         So I have held the wolves at bay for a while longer.  But how do I
> dispose of them?  They are going to say "You do not comply to standard
> practices".  The fact that the practices were developed for UNIX and NT will
> not hold water.  So how do I handle questions about password aging?  Hacking
> attempts.  I feel I can get away with saying that they are immune to viruses,
> since none exist.  How do y'all handle MANAGER.SYS passwords.  I have 200
> systems to manage.  Also the fact that nobody has penetrated our system in 4000
> accumulated years is not relevent.  What think folks.

One of the better answers is consistently use both account and user
passwords, then you can say your system requires TWO passwords, but
Unix and NT only require ONE.  Plus sometimes applications can require
passwords or lockwords, and at least Image DB will (should) have a password,
so you can even say there are THREE passwords that are required to get
at the data.

Auditors may be impressed by the number of passwords that must be
passed to get at the data.

If most users use just a few accounts, then you can rather easily change
account passwords, thereby meeting an audit criteria of changing passwords
regularly.

Finally, MPE is safe from the typical buffer overruns that allow
arbitrary code to be executed that plague security for NT and Unix
systems.  If you don't manage a Unix or NT system you don't realize
how much this helps - it is a tremendous advantage of MPE.

Richrd

>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

--
Richard L Gambrell, Senior Information Technology Consultant and
Director of Computing Systems and Networks
Information Technology Division, University of Tennessee at Chattanooga
Fax: 423-755-4150                Support Help-Desk: 423-755-4000
Direct phone: 423-755-5316       ITD Business Office: 423-757-1755
Mobile (urgent): 423-432-5122    Main UTC: 423-755-4111
Email: [log in to unmask]

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU